Social Networkers Don't Surf Safely, Report Says

Survey results from Webroot indicate users of online social networks such as MySpace and Facebook are not doing enough to protect themselves from hackers and phishing scams.

A survey from Internet security software company Webroot finds
members of online social networks may be more vulnerable to financial
loss, identity theft and malware infection than they realize. Surveying
more than 1,100 members of Facebook, LinkedIn, MySpace, Twitter and
other popular social networks, the company uncovered numerous behaviors
that put social networkers' identities (and wallets) at risk.
Among the results of the survey, two-thirds of respondents don't
restrict any details of their personal profile from being visible
through a public search engine such as Google, and more than half
aren't sure who can see their profile. About one-third include at least
three pieces of personally identifiable information, more than
one-third use the same password across multiple sites, and one-quarter
accept "friend requests" from strangers.

Mike Kronenberg, chief technology officer of Webroot's consumer
business, said the growth of social networks presents hackers with a
huge target. "The amount of time spent on communities like Facebook
last year grew at three times the rate of overall Internet growth," he
said. "Three in 10 people we polled experienced a security attack
through a social network in the past year, including identity theft,
malware infection, spam, unauthorized password changes and 'friend in
distress' money-stealing scams."

Kronenberg said the first step to staying protected is being
aware of what the threats are and knowing how to help prevent them,
noting cyber-criminals employ various types of trickery and malware to
capitalize on risky behaviors. One common tactic is phishing, which
hackers use to entice victims into downloading an infected file,
visiting a disreputable site outside the social network.

The popular social networking site Facebook was recently the target of
multiple phishing scams, as was MySpace earlier in the year. "Hackers
lure users into taking actions they shouldn't by making it appear as if
a friend within their social network has sent them a message - only the
message is from a hacker who's hijacked the friend's account," said
Kronenberg. "We've seen instances where a message includes a link that,
when clicked, prompts the user to download a seemingly legitimate file
which, once on your PC, can do a number of things -- spam your friends,
monitor your online activity or record your personal information."
Results of the Webroot survey indicate a general lack of awareness
of the security risks on social networks and the tools available to
protect personal information, as well as higher rates of risky
behaviors exhibited by younger social networkers. Survey results show
18-29 year olds are more likely to use the same password across
multiple sites (51 percent, versus 36 percent overall), share more
personal information that may compromise online privacy (67 percent
share birth date, versus 52 percent overall) and experience a security
attack (nearly 40 percent, versus 30 percent overall).
In general, pro-active social networking security standards are low,
the survey found. Eighty percent of respondents allow at least part of
their profiles to be searchable through Google or other public search
engines and 73 percent don't restrict any profile information from
being visible through public search. About one-third (32 percent)
include at least three pieces of identifiable information.

Nathan Eddy is Associate Editor, Midmarket, at eWEEK.com. Before joining eWEEK.com, Nate was a writer with ChannelWeb and he served as an editor at FierceMarkets. He is a graduate of the Medill School of Journalism at Northwestern University.